How to Protect Unified Communications Against Cybersecurity Threats
By Sam O’ Brien
A company’s relationship with the Internet is much like a marriage of convenience. If the pair were to have a child, it would be UCaaS. UC is the integration of business communication services across multiple devices and media types. So we’re talking about your phone calls, video conferencing, instant messaging, SMS, and email for example.
Very much like a vulnerable child, for UC safety is always an issue. Indeed, cyber attacks are most likely to go for your communication channels before anything else. Moreover, whether arriving via spam, first generation software, or phishing, attacks always spell bad news. As more and more companies deploy unified communications as their core contact centre technology, we must now understand how to defend it. So what’s the best way to protect our beloved UC given it’s still relatively in its infancy? Well, we’ve shared some pointers in this post that should help you safeguard against attacks.
The Growing Threat of Cyber Attacks on Business
With the business industry quickly moving UC online, and with customers becoming more digitally connected through the Internet of Things (IoT), cyber assets are now at greater risk than ever. Companies are logically making security a priority. A recent report by ESG Global found that 60% of organizations they surveyed were increasing their cybersecurity budgets this year. Furthermore, Cybersecurity Ventures states that cyber attacks are the fastest growing crime globally. It predicts that its damages will annually cost $6 trillion worldwide by 2021. In April of 2019, around 540 million of Facebook users’ records were exposed and published on Amazon’s cloud computing service. Within the same month, Facebook had also unintentionally made more than a million user emails public.
Capital One was also a victim of a major cyber attack in March of the same year, when a hacker gained access to 100 million customer accounts and credit card applications. 100,000 Social Security numbers, 80,000 bank accounts, and an undisclosed number of credit scores, balances, and addresses were also compromised. These are just two of the largest cyber attacks in the last year, and new security threats continue to emerge at a rapid pace. Cybersecurity attacks can result in the disruption of networks as well as unified communications systems paralysis. They can cause irreparable damage to businesses, and can even go as far as causing military equipment failure and breaching of national security secrets.
Because Cyber Threats increase exponentially every year, for most companies cyber attacks are no longer just a possibility, but an inevitability. So what can companies do to protect themselves?
Invest in Employee Education
A majority of cyber issues are a direct result of simple human error and judgement. According to EY’s Global Security Survey 2017, 74% of cyber attacks are due to careless or untrained employees. Scam emails and even weak or repeatedly used passwords are simple but effective channels for hackers. Phishing schemes are a recurring problem that employees continue to face, and most of them are ill-equipped to handle them. Cyber security policies and digital awareness must be put into practice to keep employees up-to-date on cyber security protocol. Businesses should invest in training programs and other relevant online learning tools to educate their employees on what to do in case of a potential threat or attack.
Create a Security Culture
A security-driven community culture also needs to be created within the company. With the growing use of remote work tools, and new kinds of cyber threats rising just as quickly, there must be a venue for corporate security experts and security teams to regularly meet and discuss how to stay ahead of potential attacks. A structure of different communication groups within the business must be put together to address the different technology platforms, whether through calling, messaging, or emailing. Larger companies should also consider having teams specifically responsible for streaming and social platforms.
Maintain an Effective Configuration Management Database (CMDB)
Most companies overlook their CMDB, which makes their organizations more vulnerable to attacks. By not keeping a well-maintained CMDB, businesses are more likely to find difficulty in implementing security procedures. This will open the door to more mistakes, and cost the company more time and resources down the line. Reinforcing CMDB and keeping equipment up-to-date can help secure organizations from threats.
Update Information Security Management System (ISMS)
Having an ISMS won’t do a company much good if it fails to do its job when needed.
Since we’ve established that cyber threats are always present, companies must not be complacent in checking that their ISMS is performing the way it should. A review of the system should become a regular practice, and security policies and procedures must be adjusted and optimized according to current threats. Another thing to consider when assessing ISMS is reinforcing the network itself. Businesses should look into session encryption and spam blocking, and decide on the cloud architecture that best addresses their needs.
Consider the National Institute of Standards and Technology (NIST)
The NIST, which is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce has presented a study listing guidelines to improve critical infrastructure cybersecurity. While these guidelines should be considered in its entirety, let’s focus on the 5 steps in its framework.
The first step is to understand the current business infrastructure, and to identify any possible cybersecurity risks to its systems, people, assets, and data. Since Unified Communications are the easiest and most common targets, resources must be assessed to know the businesses’ capability to handle any cybersecurity risks in its most vulnerable areas. This will enable an organization to focus its efforts to its particular needs, and to implement the necessary safeguards and critical services to lessen the risks of a cyber attack.
Layered security like antivirus softwares, firewalls, patch management, and password management should also be considered, depending on the company’s risk assessment and risk management strategy. Data should also be backed up regularly.
This can help limit and contain the impact of a potential cybersecurity breach.
Because the risks of cyber attacks are so high, being able to detect and discover cybersecurity threats as timely and as quickly as possible is of utmost importance. Ongoing network monitoring should be implemented, devices should be protected, and detection processes should be developed. Companies should consider using multifactor authentication as well as encrypting hard drives. Up to date technologies and VoIP phones are essential in ensuring that networks and unified communications are not vulnerable to cyber attacks.
Any security incident can become a crisis if not handled the right way. These should be treated depending on potential damage, and employees should be prepared and well-trained to address security threats in a timely and efficient manner. Companies must have an optimized crisis management process to lessen the impact and the damage of a cyber attack. Response planning must be prioritized and constant improvements must be made to be able to properly contain potential damage to as little of the company as possible.
Strategies for recovery must be regularly discussed and updated in the event of a cyber attack. External partners like cybersecurity specialists and government organizations should also be tapped, depending on the scale and reach of damage. Recovery plans must be able to contain and reduce the impact of a cybersecurity breach, and restore normal operations in a timely manner.
Why Companies Need to Act Fast
While the Internet provides many conveniences, it also has its consequences. With every development the Internet has to offer, cyber threats continue to meet them head on. This is why businesses need to start putting more importance on their cybersecurity. Companies must be able to keep up with the evolution of cyber threats, which become more potent everyday. While putting up defenses for cyber attacks may seem daunting, it is still possible. But priorities must be set, and a cybersecurity-culture must be created.